Managing app developers

Edge provides many benefits that are completely dependent on knowing who's calling your APIs. For example, API security, traffic management, and a fair amount of analytics data depend on knowing who's calling. And how does Edge know who's calling your APIs? By reading unique information in each API call, such as a user ID, an API key, or an OAuth token. That unique information locks or unlock the functionality you build into your API proxies, giving you full control over API access and behavior.

That's why app developers need to register to use your APIs. Once added, developers register their apps, choose the APIs they want to use, and receive the unique API credentials (consumer keys and secrets) needed to access your APIs.

API security, traffic management, and developer/app analytics are dependent on proper API proxy configuration. For example, you need to add the right policies to your proxies, such as API key validation or OAuth access token verification, quota enforcement, and rate limiting. Those policies identify which specific developer and app is making the call, which in turn enables API security enforcement, developer- or app-specific traffic management, API analytics capture, and other functionality. Technically, you could develop open APIs that don't check for API keys or access tokens, which means you wouldn't really need to register developers. But we strongly discourage this, because you lose API security, lose control over performance (through good traffic management), lose out on analytics data, and miss out on other major benefits that Edge provides.

You can access the Drupal-based Developer Services portal from this page by clicking Dev Portal. If you have not created a developer services portal and wish to, click Submit a request in the dialog box to be redirected to a page that describes how to set up a developer portal.

If you use the Drupal-based Developer Services portal, Apigee recommends that you log into the portal as a portal administrator to manually create, edit, and delete developers on the portal, not in the Edge UI. When you add a developer through the administrator interface on the portal, you can set the developer's password for the portal and trigger an automated email message sent to the developer. Also, any changes made to the developer's account on the portal are automatically sent to Edge. When adding or modifying a developer through Edge, no email is sent to the developer and you cannot set the password for the developer on the portal. Therefore, the developer must reset their password on the portal before they can log into the portal. For more information, see Add and manage user accounts.

Deactivating a developer

When you deactivate a developer, none of that developer's API keys can be used to make API calls to Edge. The developer can still log into the developer portal and create apps, but none of the corresponding keys will work. The developer's apps still retain their approved (or other) status, as do the API keys, even though they're not valid while the developer is inactive.

When a developer is inactive, and you view the Developer App Details page for each of the developer's apps in the management UI, the status label on the app and API keys appears in strikethrough text (Approved or Revoked); and if you mouse over the label, the tooltip says the developer is inactive. If you reactivate a developer, the strikethrough disappears, and approved apps and API keys are valid again.

If the developer is in multiple organizations, perform these steps in each organization.

Deactivate a developer in the management UI

Go to Publish > Developers > [developer] > Edit.

Click Deactivate in the Status field.

「Save」をクリックします。

After deactivation, it may take a few minutes for the change to be updated on all message processors. Until then, some calls by the developer's app may continue to make it through successfully.

You can re-activate a developer by editing the developer in the management UI and clicking Activate, or by using the management API and setting the developer's status to active. Again, it may take a few minutes for the change to be recognized by all message processors.

ポータルを、Edge UI を使用して変更されたデベロッパと同期させる

If you are using a Developer Services portal to publish your APIs, changes made to developers through the Edge UI are not pushed down to the portal. Therefore, you must log into the portal as a portal administrator and synchronize the portal with Edge for those changes to appear on the portal.

デベロッパを会社にグループ化する

With monetization, a company is a collection of developers managed as a single entity. A company can be any grouping that is appropriate to your organization such as business unit, product line, or division. Grouping developers into companies is useful when your need to have multiple developers associated under a single corporate entity. For example, you may need to set up different companies for billing purposes. However, developers in your organization don't need to be associated with a company. Note that a developer is always a single entity, uniquely identified by the email element. If a developer is part of a company you'll see the Company name on the Developers page.